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[57] ABSTRACT 

A secure comrnunications arrangement is disclosed includ- 
ing a source device and a destination device interconnected 
by a network. The source device generates message packets 
for transfer to the destination device, each message packet 
including information in ciphertext form. The source device 
generates the ciphertext from plaintext in accordance with 
the cipher block chaining mode, using an initialization 
vector that is generated using a hash function selected so that 
small changes in an input result in large changes in the 
initialization vector. As a result values such as sequence 
numbers or time stamps can be used in generating the 
initialization vector, while still providing for cryptographic 
security for the ciphertext as against cryptanalytic attack. 
Tlie destination device receives the message packet and 
decrypts the ciphertext to generate plaintext in accordance 
with the cipher block chaining mode, using an initialization 
vector that is generated using the corresponding hash func- 
tion. Although the secure communications arrangement is 
described in connection with the cipher block chaining 
mode, other modes, such as the cipher-feedback mode, 
output-feedback mode and other encryption modes which 
make use of initialization vectors, could also be used. 
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100. INFORMATION TO BE TRANSFERRED IS LOADED IN 
PLAINTEXT FORM IN THE SOURCE DEVICE'S 
INFORMATION INPUT BUFFER 20 



'101. SOURCE DEVICE'S PACKET SEQUENCE NUMBER 
GENERATOR 25 GENERATES A PACKET SEQUENCE 
NUMBER PKT_SEQ_NO FOR THE MESSAGE PACKET IN 
WHICH THE INFORMATION IS TO BE TRANSFERRED AND 
PROVIDES IT TO THE INITIALIZATION VECTOR 
^ENERATOR 23 



102. SOURCE DEVICE'S INITIALIZATION VECTOR 
GENERATOR 23 PROCESSES THE PACKET SEQUENCE 
NUMBER IN CONNECTION WITH THE SELECTED HASH 
ALGORITHM TO GENERATE THE INITIALIZATION VECTOR 
INIT_VECTOR 



103. SOURCE DEVICE'S ENCRYPT/DECRYPT MODULE 22 
RECEIVES THE PLAINTEXT INFORMATION FROM THE 
INFORMATION INPUT BUFFER 20 AND THE 
INITIALIZATION VECTOR INIT_VECTOR FROM THE 
INITIALIZATION VECTOR GENERATOR 23 AND 
PROCESSES THEM IN CONNECTION WITH THE CIPHER 
BLOCK CHAINING MODE, IN STAGES (FIG. 2), USING A 
SELECTED ENCRYPTION ALGORITHM AND ENCRYPTION 
KEY, TO GENERATE INFORMATION IN CIPHERTEXT FORM 
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104. SOURCE DEVICE'S MESSAGE 
GENERATOR/RECEIVER 24 GENERATES A MESSAGE 
PACKET INCLUDING THE CIPHERTEXT INFORMATION 
FOR TRANSFER OVER THE COMMUNICATION LINK 12 TO 
THE DESTINATION DEVICE 



105. DESTINATION DEVICE'S MESSAGE 
GENERATOR/RECEIVER 24 RECEIVES THE MESSAGE 
PACKET FROM THE COMMUNICATION LINK 12 AND 
PROVIDES THE CIPHERTEXT INFORMATION TO THE 
ENCRYPT/DECRYPT MODULE 22 
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106. PACKET SEQUENCE NUMBER PKT SEQ NO FOR 
THE PACKET IS PROVIDED TO THE DESTINATION 
DEVICE'S INITIALIZATION VECTOR GENERATOR 23 
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i07. DESTINATION DEVICE'S INITIALIZATION VECTOR 
GENERATOR 23 PROCESSES THE PACKET SEQUENCE 
NUMBER IN CONNECTION WITH THE SAME HASH 
FUNCTION USED BY THE SOURCE DEVICE'S 
INITIALIZATION VECTOR GENERATOR TO GENERATE THE 
SAME INITIALIZATION VECTOR INIT_VECTOR 
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08. DESTINATION DEVICE'S ENCRYPT/DECRYPT 
MODULE 22 RECEIVES THE CIPHERTEXT FROM THE 
DESTINATION DEVICE'S MESSAGE 
GENERATOR/RECEIVER 24 AND THE INITIALIZATION 
VECTOR INIT_VECTOR FROM THE DESTINATION DEVICE'S 
INITIALIZATION VECTOR GENERATOR 23 AND 
PROCESSES THEM IN CONNECTION WITH THE CIPHER 
BLOCK CHAINING MODE, IN STAGES (FIG. 3), USING AN 
APPROPRIATE DECRYPTION ALGORITHM AND 
DECRYPTION KEY, TO GENERATE INFORMATION IN 
VPLAINTEXT FORM 



^NO. 



109. DESTINATION DEVICE'S ENCRYPT/DECRYPT 
MODULE 22 DETERMINES WHETHER THE DECRYPTED 
PLAINTEXT IS SENSIBLE 



YES 



110. DECRYPTED PLAINTEXT INFORMATION IS STORED IN 
THE DESTINATION DEVICFS INFORMATION OUTPUT 
BUFFER 21 



/In. DESTINATION DEVICE'S ENCRYPT/DECRYPT 
MODULE 22 REPEATS STEPS 107/108 ONE OR MORE 
TIMES USING RESPECTIVE NUMBERS IN GENERATING 
THE INITIALIZATION VECTOR IN GENERATING SENSIBLE 
PLAINTEXT 
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SYSTEM AND METHOD FOR DERIVING AN 
APPROPRIATE INITIALIZATION VECTOR 
FOR SECURE COMMUNICATIONS 

FIELD OF THE INVENTION s 

The invention relates generally to the field of 
communications, and more particularly to a system and 
method for deriving an appropriate initialization vector for 
use in encryption methodologies, such as the cipher block 
chaining mode, cipher- feedback mode, output-feedback 
mode and other encryption modes which make \ise of 
initialization vectors, for encrypting infonnation to be com- 
municated. 

BACKGROUND OF THE INVENTION 15 

Digital networks have been developed to facilitate the 
transfer of information, including data and programs, among 
digital computer systems and other digital devices. A variety 
of types of networks have been developed and implemented, 
including so-called "wide-area networks" (WANS) and 
"local area networks" (LANs), which transfer information 
using diverse information transfer methodologies. 
Generally, LANs are implemented over relatively small 
geographical areas, such as within an individual ofiBce 
facility or the like, for transferring infonnation within a 
particular office, company or similar type of organization. 
On the other hand, WANs are implemented over relatively 
large geographical areas, and may be ;ised to transfer 
information between LANs, between devices that are not 
connected to LANs, and the like. WANs also include public 
networks, such as the Internet, which can carry information 
for a number of companies. 

A number of problems have arisen in connection with 
transfer of information over networks, particularly public 35 
networks. One significant problem is privacy, to ensure that, 
if information to be transferred from a source device to a 
destination device over the network is intercepted by a third 
device, the intercepting device cannot determine what the 
actual information is. Cryptographic techniques are used to 
address this problem. Generally, in such techniques, the 
information to be transferred, which is termed "plaintext," is 
encrypted using one of a plurality of encryption techniques 
by the source device. After encryption, the source device 
transfers the encrypted information, which is termed 
"ciphertext," to the destination device, which performs a 
decryption operation on the encrypted information to 
recover the plaintext. 

A number of cryptographic techniques have been devel- 
oped. In one technique, termed an "electronic codebook'' 50 
mode, the plaintext information to be transferred is divided 
into a series of blocks, and each block is encrypted inde- 
pendently of the others to generate ciphertext blocks for 
transfer. Essentially, for each block of plaintext, an 
encrypted ciphertext block C,- is formed using a encryption 55 
algorithm "E" and a particular encryption key "enc_key," 
that is, C,=E^,^_jte^ (P^), When the destination device 
receives the ciphertext block C^, it can regenerate the plain- 
text block P,- using the appropriate decryption algorithm "D" 
and decryption key "dec__key," that is, P=D^^^_j^^ (C,). go 
Depending on the particular encryption and decryption 
algorithms used, the values of the encryption key enc _key 
and decryption key dec_key may differ, or they may be the 
same. 

A security problem arises in connection with use of the 65 
electronic codebook mode. Generally, for the same encryp- 
tion algorithm and value of the encryption key enc_key, the 
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same block of unencrypted information will always encrypt 
to the same encrypted information block. In many cases, 
messages transmitted from a particular source device or to a 
particular destination have fragments in common, such as 
headers transferred at the beginning of messages or footers 
at the end of messages. In addition, some types of messages, 
such as some types of electronic mail, have regular struc- 
tures. In such cases, a cryptanalyst that intercepts such 
messages can mount statistical attacks which can provide 
information regarding the plaintext of the messages being 
transferred without knowing the particular encryption algo- 
rithm or the encryption key that were used in encrypting the 
messages. 

This problem is addressed by use of a "cipher block 
chainmg" mode. In cipher block chaining, information to be 
transferred is, like in the electronic codebook mode, 
encrypted in blocks, but each plaintext information block is, 
prior to encryption, pre-processed in connection with the 
ciphertext generated for the previous block. The pre- 
processed block is then encrypted for transmission. Thus, for 
each information block P^ to be transferred, an encrypted 
information block C,- is fonmed as C,=E^„^_jt^ (P,-©C,_i), in 
which represents a predetermined pre-processing 
operation. Generally, the selected pre-processing operation 
used in the cipher block chaining mode is the bit-wise 
exclusive-OR operation. The first information block Pi to be 
transferred is processed in connection with a block termed 
an "initialization vector," or "IV," which is also transferred 
to or otherwise known by the destination device. When the 
destination device receives the ciphertext block, it can 
regenerate the plaintext information block as P,=Q-_i 
®^enc_key ^ith the initialization vector being used in 
connection with processing of the first encrypted informa- 
tion block C J . 

Generally, the cipher block chaining mode provides for 
more security than the electronic codebook mode, since, 
even if there is a significant degree of repetition among 
fragments of plaintext messages to be transferred, the pre- 
processing will generally ensure that the ciphertext itself 
does not repeat if different initiahzation vectors are used for 
the different message packets. Any values can be used as the 
initialization vector, such as random numbers. If the source 
device uses random numbers as the initialization vectors, it 
will need to provide the initiahzation vector to the destina- 
tion device, either along with the message or separately 
(especially a value that must be sent for other purposes, such 
as a message sequence number), which the destination 
device can use in generating the unencrypted information 
block. 

However, in some situations there is no room in the 
message for the initialization vector, or it may otherwise be 
inconvenient to transfer the initialization vector to the des- 
tination device. In such situations it is often desired to use 
a value as the initialization vector that is either sent as 
plaintext along wdth the message, or a value that is otherwise 
known to or inferrable or derivable by the destination device 
and which need not be transferred, such as a message 
sequence number, time stamp, or the like. A problem arises 
in connection with use of such values as an initialization 
vector. Often, if values such as packet sequence numbers or 
time stamps are used as the initialization vector, the values 
will not change significantly from one message to the next, 
and so the pre-processed plaintext processed with such 
initialization vectors also will not change significantly from 
one message to the next. With some types of encryption 
algorithms, a cryptanalyst, who intercepts message packets 
containing ciphertext which was encrypted with such 
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algorithms, can successfully use well-knowQ "dififerential 
cryptanalysis" techniques when the information being 
encrypted (in this case, the pre-processed plaintext) for 
successive messages differs in only a few bits, to recover 
information about the information being transferred. 
Accordingly, it is generally not considered good security 
practice to use information such as a packet sequence 
number or time stamp as the initialization vector, even 
though it is guaranteed to be different in every message. 

SUMMARY OF THE INVENTION 

The invention provides a new and improved communi- 
cations system and method for providing a secure commu- 
nications channel, and more particularly a new and 
improved system and method for deriving an appropriate 
initialization vector for use in encryption methodologies, 
such as the cipher block chaining mode, cipher-feedback 
mode, output-feedback mode and other encryption modes 
which make use of initialization vectors, for encrypting 
information to be communicated. 

In brief summary, the invention provides in one aspect a 
ciphertext information generating system and method for 
generating ciphertext from plaintext. The ciphertext infor- 
mation generating system comprises an initialization vector 
generator and an encryption module. The initialization vec- 
tor generator is configured to receive a selected input value 
and generate an initialization vector therefrom using a 
selected initialization vector generation methodology. The 
selected input value used in generating the initialization 
vector is different for each plaintext and may comprise, for 
example, a sequence number or a time stamp. The selected 
initialization vector generation methodology is selected so 
that 

(a) a small change of the selected input value will result 
in a large change in the initialization vector; and 

(b) for any two randomly-selected selected input values, 
it is unlikely that the corresponding initialization vec- 
tors will have the same value. 

The encryption module is configured to generate the cipher- 
text from the plaintext and the initialization vector in accor- 
dance with a selected encryption methodology and encryp- 
tion key. In one embodiment, a hashing methodology, such 
as the MD5 hashing methodology is used as the selected 
initialization vector generation methodology. 

By ensuring that small changes in the selected input 
values used in generating initialization vectors for succes- 
sive plaintexts result in large changes in the initialization 
vector, values such as the sequence number or time stamp, 
which normally may not change by a very large amount for 
successive ciphertexts, may be conveniently used in gener- 
ating the initialization vector, and still provide an acceptable 
degree of security. 

In another aspect, the invention provides a plaintext 
information generating system and method for generating 
plaintext from ciphertext. The plaintext information gener- 
ating system comprises an initialization vector generator and 
a decryption module. The initialization vector generator is 
configured to receive a selected input value and generate an 
initialization vector therefrom using a selected initialization 
vector generation methodology. The selected input value 
used in generating the initiaUzation vector is different for 
each ciphertext, and may comprise, for example, a sequence 
number or a time stamp. The selected initialization vector 
generation methodology is selected so that 

(a) a small change of the selected input value will result 
in a large change in the initialization vector; and 
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(b) for any two randomly-selected selected input values, 
it is unlikely that the corresponding initialization vec- 
tors will have the same value. 
The decryption module is configured to generate the plain- 
s text from the ciphertext and the initialization vector in 
accordance with a selected decryption methodology and 
decryption key. In one embodiment, a hashing methodology, 
such as the MD5 hashing methodology is used as the 
selected initialization vector generation methodology. 

10 

BRIEF DESCRIPTION OF THE DRAWINGS 

This invention is pointed out with particularity in the' 
appended claims. The above and further advantages of this 
invention may be better understood by referring to the 
following description taken in conjunction with the accom- 
panying drawings, in which: 

FIG. 1 is a functional block diagram of a communication 
system, including a plurality of communication devices 
2Q which provide a secure communication channel in accor- 
dance with the invention; 

FIG. 2 schematically depicts operations performed by the 
communication devices in encrypting plaintext information 
using the cipher block chaining mode in accordance with the 
25 invention to generate ciphertext information for transfer in 
message packets over the communication channel; 

FIG. 3 schematically depicts operations performed by the 
communication devices in decrypting ciphertext information 
received in message packets over the communication link, 
30 using the cipher block chaining mode in accordance with the 
invention, to generate plaintext information; and 

FIGS. 4, 4A, and 4B depict a flowchart useful in under- 
standing the operations performed by the communication 
devices in generating and transferring message packets in 
the system depicted in FIG. 1. 

DETAILED DESCRIP^HON OF AN 
ILLUSTRATIVE EMBODIMENT 

4Q FIG. 1 is a functional block diagram of a communication 
system 10, including a plurality of communication devices 
11(1) through 11(N) (generally identified by reference 
numeral ll(n)) interconnected by a network represented in 
FIG. 1 by communication link 12. The communication 

45 devices ll(n) may comprise any of a number of types of 
devices which may engage in communications over the 
network, including, for example, computers (including per- 
sonal computers, workstations, and mini- and mainframe 
computers), mass storage subsystems, network interfaces 

5Q and other elements for generating and using data, whether in 
digital form or otherwise. 

The network may comprise a local area network (LAN), 
a public or private wide area network (WAN), a network 
such as the Internet or public telephony network, or any 

55 combination of such networks. As is conventional, the 
network includes a communications medium over which the 
communication devices ll(/t) communicate, which can 
include, for example, wires, optical fibers or other media for 
carrying signals representing information among the com- 

60 munication devices. 

The devices 11(/?) communicate with each other in the 
form of message packets that are transferred over commu- 
nication link 12. During such communications, infonmation 
is transferred in encrypted form in the message packets that 

65 are transferred from one communication device 11 (/i), as a 
source device l(n^) (subscript "S" indicating the source 
device), to the other communication device ll(/t'), as a 
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destination device ll(n^) (subscript "D" indicating the 
destination device) over the communication link 13. The 
communication devices ll(/i) and may communicate 
bidirectionally, in which case the communication device 
ll(n^ may also operate as a source device to transfer 5 
message packets to the communication device 11(«) oper- 
ating as a destination device. In any case, the respective 
source device ll(nj uses the cipher block chaining mode 
with any convenient encryption algorithm and encryption 
key to generate the message packet, as will be described 
below in connection with FIG. 2, from the plaintext infor- 
mation to be transferred. The destination device 
receives the message packet and, using the cipher block 
chaining mode with the appropriate decryption algorithm 
and decryption key, will regenerate the plaintext 
information, as will be described below in connection with 
FIG. 3. 

One communication device, namely, communication 
device 11(1), is shown in detail in FIG. 1, and other 
communication devices ll(n) may be structured similarly. 20 
As shown in FIG. 1, the communication device 11(1) 
includes an information input buffer 20, an information 
output buffer 21, an encrypt/decrypt module 22, an initial- 
ization vector generator 23, a message generator/receiver 24 
and a packet sequence number generator 25. The informa- 25 
tion input buffer 20 receives information, in plaintext form, 
that is to be transferred to another communication device 
ll(n) (n^l) over the communication link 12, with the 
communication device 11(1) operating as a source device. 
The plaintext information may be generated by and/or 30 
otherwise provided to the information input buffer 20 by 
other components (not shown). The packet sequence number 
generator 25 generates a packet sequence number for a 
message packet in which the information, after being 
encrypted, will be transferred to another communication 35 
device 11(«) (n^l) over the communication link 12. The 
initialization vector generator 23 receives the packet 
sequence number from the packet sequence number genera- 
tor 25 and generates therefrom an initialization vector. 

The encrypt/decrypt module 22 receives the information 40 
from the information input buffer 20 and the initialization 
vector generated by the initialization vector generator 23 and 
performs an encryption operation in connection therewith to 
generate ciphertext information that is provided to the 
message generator/receiver 24. In performing the 45 
encryption, the encrypt/decrypt module 22 operates in 
accordance with the cipher block chaining mode using any 
convenient encryption algorithm and encryption key. The 
message generator/receiver 24, in turn, receives the cipher- 
text information and generates a message packet including 50 
the ciphertext and transmits it (that is, the message packet) 
over the communication link 12. The message packet gen- 
erated by message generator/receiver 24 may have any of a 
number of packet formats as may be required for the 
network; if the packet format permits or requires that the 55 
packet sequence number be included in the packet, the 
message generator/receiver 24 may or will also receive the 
packet sequence number from the packet sequence number 
generator 25 for inclusion in the message packet. 

The message generator/receiver 24 also receives message 60 
packets from the communication Link 12 which are traas- 
mitted to the communication device 11(1) by other commu- 
nication devices ll(w) (n?*!) operating as source devices. In 
that connection, the communication device 11(1) will be 
operating as a destination device. In such an operation, the 65 
message generator/receiver 24 receives the message packet 
and provides the information from the message, which is in 
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ciphertext, to the encrypt/decrypt module 22 for decryption. 
In addition, if the message packet contains the packet 
sequence number, the encrypt/decrypt module 22 provides 
that packet sequence number to the initialization vector 
generator 23; otherwise, the packet sequence number gen- 
erator 25 will also generate a packet sequence number for 
the received message packet for provision to the initializa- 
tion vector generator 23. In any case, the initialization vector 
generator 23 will generate from the packet sequence number 
an initialization vector for provision to the encrypt/decrypt 
module 22. 

The encrypt/decrypt module 22 receives the information 
in ciphertext form from the message generator/receiver 24 
and the initialization vector from the initialization vector 23 
and generates therefrom decrypted information, that is, 
information in plaintext form, for storage in the output 
information buffer 21. In decrypting the ciphertext 
information, the encrypt/decrypt module 22 will use a 
decryption algorithm and decryption key that is appropriate 
for the encryption algorithm and encryption key that were 
used by the source device 11(aj) (n^l) in generating the 
ciphertext information. After the plaintext information is 
stored in the output information buffer 21, it may be pro- 
vided to and used by other components (not shown) for 
storage, processing and/or other operations. 

Before proceeding further, it would be helpful to describe 
the operations performed by the encrypt/decrypt module 22 
and the initialization vector generator 23 in more detail. FIG, 
2 schematically depicts operations performed by the 
encrypt/decrypt module 22 and initialization vector genera- 
tor 23 in connection with encrypting of the plaintext infor- 
mation to generate ciphertext information for transfer over 
the communication link 12, and FIG. 3 schematically depicts 
operations performed by the encrypt/decrypt module 22 and 
initialization vector generator 23 in connection with decrypt- 
ing of the ciphertext information received over the commu- 
nication link 12 to generate plaintext information. With 
reference initially to FIG. 2, and in accordance with the 
cipher block mode, the encrypt/decrypt module 22 divides 
the plaintext information into a series of blocks P„ P2, . . . 
(generally P^) and performs encryption in a series of stages, 
each stage being identified by a reference numeral 30(/), to 
generate a ciphertext block Q. The encrypt/decrypt module 
22 provides the series of ciphertext blocks C^, C2, , . . 
(generally C,) to the message generator/receiver 24 for 
transmission as described above. In each stage 30(i), the 
encrypt/decrypt module 22 initially performs a bit- wise 
exclusive-OR operation, represented in FIG. 2 by in 
connection with the plaintext block P. and the ciphertext 
block C,_i generated by the previous stage 30(i-l), The 
result of the excltisive-OR operation are then encrypted 
using a selected encryption algorithm "E" and encryption 
key, represented in FIG. 2 by "K," to generate the ciphertext 
block Q for the stage 30(i). Thus, for the plaintext block P^, 
the ciphertext block Q is generated as C/=Ej^P,©C,_i), 
where "K" represents the encryption key. For the first stage 
30(1), in which the plaintext block P, is encrypted, the 
initialization vector "INIT_VECTOR," provided by the 
initialization vector generator 23, is used in the exclusive- 
OR operation. 

With reference to FIG. 3, to decrypt the ciphertext 
received by the message generator/receiver 24, the encrypt/ 
decrypt module 22 divides the received ciphertext informa- 
tion into a series of blocks C,-, Q, . . . (generally Q) and 
performs decryption in a series of stages, each stage being 
identified by a reference numeral 31(i), to generate a plain- 
text block P;. In each stage 31(/), the encrypt/decrypt module 
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22 initially perfonns a decryption operation using the appro- With respect to characteristic (i), it is prefened that the hash 
priate decryption algorithm "D" and decryption key, repre- function be selected so as to ensure that at least one-half of 
scnted in FIG. 3 by "K." Thereafter, the stage 31(C) performs the bits of the binary representation of the hashed packet 
a bit-wi^ exclusive-OR operation in connection with the sequence number be change if the packet sequence number 
results of the decryption and the previous ciphcrtext block in s changes by the small value. One hash function that has these 
toe series C to generate the plaintext block P, for the stage characteristics (0 and (ii) is the well-knov^-n MD-5 hash 
31(0. Tb^, for the ciphertext block C, the pkintext block i, ^ appreciated that characteristic (i) will 
P,. is generated as P~C,._i ©Djj{Q, where "K" represents ,i„, r ■ i e ,u i . 

the decryption key. For ie fir^ stage 30(1), in which the ™ ^^'tK^TZT ""^^^ °J ^''v' 

ciphertext block Q is encrypted, the initialization vector ™mber PKT_SEQ NO provided by the packet sequence 

"INIT_VECTOR," provided by the initialization vector '° "^mber generator 25, for which only a smaU number of bits 

generator 23, is used in the exclusive-OR operation. ve^t^Z^-''^r^'R°"' "^T^^ 

. . J L 1- . vectors INIT_VECTOR generated by the initialization vec- 
As noted abov^ toe initial^tion vector generator 23 in tor generator 23 a large niinber of bits wUl change. This will 
boto encrypuon (FIG. 2) and decryption (FIG 3) generates ^ubstantiaUy reduce toe likehhood toat differential cryptana- 
an iniUaliza ion vector for use by the encrypt/decrypt mod- j techniques can successfiilly be used. It wiU further be 
uie rrom tne pacKet sequence numt^er provided toereto by appreciated that the initialization vector generator 23 in both 
the packet sequent number generator 25 or toe message t^e source and destination devices 11(1) and Il(«„) will 
generator/receiver 24^Typically, he packet sequence num- ^^ed to use the same hashing algoritom so that boto will 
ber is incremented by a prede termmed value, typically ^te the same initialization vector INIT VECTOR for 
one for successive message packets that are transmitted to ^ encrypting the plaintext to generate toe cipllertext (m the 
a particular destination device during for example, a com- case of the source device) and decrypting the ciphertext (in 
munications session between the destination device and a the case of the destination device), 
particular source device. Tlius, assuming that all packets Operations performed by a source device and a destina- 
transmitted by toe source device are received by toe dwti- device in transferring information wiU be described in 
na ion device in order, the destmation device will Itself be ,5 connection wito the flowchart depicted in FIG. 4. Wito 
able to generate for each message packet transferred by toe reference to FIG. 4, toe information to be transferred in a 
source device, the packet sequence number for the respec- message packet is loaded in plaintext form in toe informa- 
tive packet, to such cases, the source device would not need ti^^ j buffer 20 of toe source device (step 100). The 
to provide toe packet sequence nmnber to the destination „^ber generator 25 generates a packet 
device. However if message packets may be dropped or be 30 sequence number PKT_SEQ_NO for the message packet 
received by toe destination device out of order, preferably ^^.^^^ the information is to be transferred and provides it 
toe source device will provide the packet sequence number th,. initialization vector generator 23 (step 101). which 
tor each message packet to the destination device, eitoer in processes the packet sequence number in connection with 
the message packet or separately. In any case, if packet the selected hash algoritom to generate the initialization 
sequence numbers for successive message packets are mere- 35 sector INIT_VECTOR (step 102). The encrypt/decrypt 
mented by one, in the binary representation for toe ,^„dule 22 receives the plaintext information from the 
sequence number generaUy only a few bits m toe sequence information input buffer 20 and toe initialization vector 
number wiU change from one menage packet to the next. iNIT_VECroR from the initialization vector generator 23 
For at least some encryption algonthms "E, if the mihal- ^^^^3 j^em in connection wito toe cipher block 
ization vector generator 23 were to provide the packet chaining mode, in stages as described above in connection 
sequence number PKT SEQ NO as the initialization vec- ^th FIG. 2, using a selected encryption algorithm and 
tor INIT_VECTOR, differential cryptanalysis techmques encryption key. to generate information in ciphertext form 
may be useful in generating information, particularly key (^tep 103). The ciphertext information is provided to the 
information, from the resulting ciphertexts, particularly if message generator/receiver 24. which generates a message 
first one or several plaintext blocks P,, P^, . . . are the same 45 packet including toe ciphertext infomialion for transfer over 
or similar as among toe plaintext mfonnation to be trans- t^e communication link 12 to toe destination device (step 
ferred m successive message packets. ^q^^ 

In accordance with the invention, instead of providing the The destination device's message generator/receiver 24 

packet sequence number PKT„SEQ„NO to the encrypt/ receives the message packet from the communication link 

decrypt module 22 as the initializaUon vector INIT_ 50 12 and provides the ciphertext information to the encrypt/ 

VECTOR, the initiahzation vector generator 23 processes decrypt module 22 (step 105). In addition, a packet sequence 

the packet sequence number PKT„SEQ_NO in accordance number PKT_SEQ_NO for the packet is provided to the 

with a selected hash function to generate a hashed packet destination device's initialization vector generator 23 (step 

sequence number, which the initialization vector generator 106), either by, for example, the packet sequence number 

23 provides to the encrypt/decrypt module 22 as the initial- 55 generator 25 or the message generator/receiver 24. The 
ization vector INIT_VECTOR. Preferably, the hash func- initialization vector generator 23 processes the packet 
tion selected for use by the initialization vector generator has sequence number in connection with the same hash function 
the following characteristics: by the source device's initialization vector generator to 

(0 if the packet sequence number changes by a small generate the same initialization vector IN1T__VECT0R 

value, such as "one," a large number of bits of the 60 (step 107), which it provides to the destination device^s 

binary representation of the "hashed" packet sequence encrypt/decrypt module 22. The destination device's 

number (that is, the value of the result of the hash encrypt/decrypt module 22 receives both the ciphcrtext from 

function as applied to the packet sequence number) will the destination device's message generator/receiver 24 and 

change, and the initialization vector IN1T_VECT0R from the destina- 

(ii) for any two randomly-selected packet sequence 65 tion device's initialization vector generator 23 and processes 

numbers, it is unlikely that the corresponding hashed them in connection with the cipher block chaining mode, in 

packet sequence numbers will have the same value. stages as described above in connection with FIG. 3, using 
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an appropriate decryption algorithm and decryption key, to 
generate information in plaintext form (step 108), 
Thereafter, the destination device ll(«x>) may perform a 
plaintext verification step (step 109), as will be described 
below, to verify that the plaintext is sensible. If the desti- 
nation device ll(/ijr>) makes a positive determination in step 
109, it can store the plaintext in the destination device's 
information output buffer 21 (step 110). 

If, on the other hand, the destination device ll(/Zjr,) makes 
a negative determination in step 109, that is, if it determines 
that the plaintext is not sensible, as will be described below, 
the packet sequence number PKT__SEQ_NO that was used 
in generating the initialization vector was not the correct 
packet sequence number. This may occur if, for example, a 
message packet was lost or the message packet was received 
out of order. In that case, the destination device ll(n^) can 
repeat steps 107 and 108, using one or more other numbers 
as assumed packet sequence numbers in generating respec- 
tive initialization vector(s), decrypt the ciphertcxt using the 
respective initialization vector(s) to generate respective 
plaintext(s), and determine a sensible one of the plaintext(s) 
so generated as the correct plaintext (step 111). Techniques 
that the destination device ll(n^) can use in connection with 
step 109 will be described below. 

The invention provides a number of benefits. In particular, 
it provides a communications system over which informa- 
tion is transmitted in message packets, the information being 
encrypted in accordance with the cipher block chaining 
mode, and that further reduces the likelihood that differential 
cryptanalysis techniques can successfully be used to over- 
come the encryption even if initialization vectors are used 
which are based on information, such as packet sequence 
numbers or time stamps, which will generally not change 
substantially for successive message packets. 

It will be appreciated that a number of changes and 
modifications may be made to the system as described 
above. For example, although the invention has been 
described in connection with use of the cipher block chain- 
ing mode, it will be appreciated that a system and devices in 
accordance with the invention can make use of other 
encryption/decryption modes, such as the output-feedback 
mode, cipher-feedback mode, and other modes which make 
use of an initialization vector. 

Furthermore, although the communication devices 11 (k) 
have been described as providing bi-directional communi- 
cations therebetween, it will be appreciated that at least 
some of the communications devices ll(n) may provide for 
only unidirectional communications. In that case, if a com- 
munication device ll(n) only operates as a source device, it 
would not need to include an information output buffer 21. 
In addition, the message generator/receiver module 24 
would only need to be able to transmit message packets and 
the encrypt/decrypt module 22 would only need to be able 
to encrypt the plaintext information. On the other hand, if a 
communication device only operates as a destination device, 
it would not need to include an information input buffer 20, 
In addition, the encrypt/decrypt module 22 would only need 
to be able to decrypt message packets and the message 
generator/receiver module 24 would only need to be able to 
receive message packets. 

In addition, it will be appreciated that the invention can 
also be used in connection with a wide variety of commu- 
nications systems, including systems in which information is 
not just transferred spatially, as is the case in system 10 as 
described above, but also or instead temporally. In that case, 
for example, information may be stored on, for example, a 
storage medium, such as a magnetic disk or tape, for later 



retrieval by the same device that stored the information, or 
by a different device. The information is stored in encrypted 
form generated using the cipher block chaining mode and 
any convenient encryption algorithm and encryption key in 
5 the same manner as described above, and further using a 
hashed value as the initialization vector. In this case, the 
value that is hashed for use as the initialization vector may 
be, for example, a value that corresponds or is otherwise 
related to the storage address or location of the information 
10 on the storage medium, and therefore need not be stored 
with the ciphertext. Other suitable values will be apparent to 
those skilled in the art. 

Furthermore, although system 10 has been described as 
using packet sequence numbers in generating the initializa- 
15 tion vector INIT_VECTOR, it will be appreciated that other 
information can be used, such as, for example, time stamps 
associated with the point in time at which the message 
packet is generated. If a time stamp is used, a small sequence 
number may also be used along with the time stamp to 
20 guarantee that unique initialization vectors are generated. 
Alternatively, the technique described in the next paragraph 
may be used to eliminate any need for the sequence number. 

As noted above, the source device ll(/i^) may provide to 
the destination device 11(/Z£)) the packet sequence number 
25 from which it generated the initialization vector INIT__ 
VECTOR that was used in encrypting the plaintext in the 
message packet associated with the packet sequence num- 
ber. However, in some cases it is not possible or desirable to 
provide the packet sequence number. If the message packets 
30 are transferred reliably (that is, if message packets are not 
lost) and in order, the destination device will be able to 
determine the packet sequence number and, iising the same 
hash function as was used by the source device, generate the 
initialization vector INIT_VECTOR for use in decryption. 
However, as also noted above, if a message packet is lost 
and not received by the destination device, or if a message 
packet is received by the destination device out of order, the 
packet sequence number that the destination device assumes 
for the message packet will be incorrect. This can be 
accommodated by having the destination device assume that 
the packet sequence number is one of several numbers close 
to the packet sequence number associated with a previous 
correctly-received message packet, and decrypt the cipher- 
text in the message packet using one or more initialization 
45 vectors each generated from a respective one of those 
numbers. The result of this operation is to generate one or 
more plaintexts, one for each initialization vector so gener- 
ated. Thereafter, the destination device can examine each 
plaintext so generated to determine whether the respective 
50 plaintext is sensible, and select the plaintext that is sensible 
or that appears to be most sensible as the properly decrypted 
plaintext. 

Several techniques can be used to determine which plain- 
text is the one sensible decryption of the ciphertext, or which 

55 plaintext appears to be the most sensible decryption of the 
ciphertext. For example, a checksum, digital signature or the 
like that is based on the plaintext may be provided in or 
otherwise associated with the message packet; in that case, 
the destination device can determine that a decrypted plain- 

60 text is sensible if its checksum, digital signature, etc., 
corresponds to that provided in or associated with the 
mc&sage packet. Alternatively or in addition, information as 
to the application which generated or is to receive the 
plaintext may be used. For example, if it is known that the 

65 plaintext is in ASCII text form, the destination device can 
determine that a particular decrypted plaintext is sensible by 
checking that the high-order bit of each decrypted byte of the 
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plaintext has the value "zero." Other techniques will be 3. A ciphertext information generating system as defined 

apparent to those skilled in the art. The destination device in claim 2 in which the selected initialization vector gen- 

ll(n^) can decrypt the ciphertext received in a message eration methodology is an MD5 hashing methodology, 

packet as described above one or more times using respec- 4. A ciphertext information generating system as defined 

tive numbers as the assumed packet sequence number until s in claim 1 in which the selected characteristic is a ciphertext 

it generates a plaintext that it determines to be sensible, or sequence number. 

it can decrypt the ciphertext a plurality of times using 5. A ciphertext information generating system as defined 

respective numbers as the assumed packet sequence number in claim 1 in which the selected characteristic is a time 

and determine which plaintext so generated it determines to stamp. 

be the most sensible. 6. A ciphertext information generating system as defined 

Similar operations can be used if a time stamp is used in in claim 1 further including a ciphertext information utili- 

generating the initialization vector. zation module configured to utiUze the ciphertext. 

It will be appreciated that, in most cases, message packets 7. A ciphertext information generating system as defined 
will be delivered reliably (that is, message packets will not in claim 6 in which the ciphertext information utilization 
be lost) and in order, in which case generally the correct module comprises a message packet transfer module con- 
packet sequence number associated with a message packet 15 figured to generate a message packet including the cipher- 
will be the next packet sequence number after the packet text for transfer over a network. 

sequence number associated with the previous correctly- 8. A ciphertext inforaiation generating system as defined 

received message packet. in claim 7 in which the message packet transfer module is 

It will be appreciated that a system in accordance with the further configured to associate the selected input value with 

invention can be constructed in whole or in part from special 20 the message packet. 

purpose hardware or a general purpose computer system, or 9. A ciphertext information generating system as defined 

any combination thereof, any portion of which may be in claim 6 in which the ciphertext infonnation utilization 

controlled by a suitable program. Any program may in module comprises an information store for storing the 

whole or in part comprise part of or be stored on the system ciphertext. 

in a conventional manner, or it may in whole or in part be 25 10. A ciphertext information generating system as defined 

provided in to the system over a network or other mecha- in claim 9 in which the initialization vector generator is 

nism for transferring information in a conventional manner configured to use a storage address in the infonnation store 

In addition, it will be appreciated that the system may be as the input number 

operated and/or otherwise controUed by means of informa- ' ^ plaintext information generating system for gener- 

nnl llZtfJ^- r "^^'h ""'"^^ IT 'TL^^'""?^' 30 ating plaintext from ciphertext, said plaintext infonnation 

(not shown) which may be connected directly to the system „^r.^Sir.^ ..r^t^^ 

or which may transfer the information to the system over a S^^/^^trng system comprising: 

network or other mechanism for transfening information in initialization vector generator configured to receive 

a conventional manner. ^ selected input value and generate an initialization 

The foregoing description has been limited to a specific vector therefrom using a selected initiahzation vector 

embodiment of this invention. It will be apparent, however, ^5 generation methodology, 

that various variations and modifications may be made to the (0 the selected input value being different for each 

invention, with the attainment of some or all of the advan- plaintext and being associated with a selected char- 

tages of the invention. It is the object of the appended claims acteristic of said ciphertext, 

to cover these and such other variations and modifications as (ii) the selected initialization vector generation meth- 

come within the true spirit and scope of the invention. 40 odology being selected so that 

What is claimed as new and desired to be secured by (a) a small change of the selected input value will 

Letters Patent of the United States is: result in a large change in the initialization vector; 

1. A ciphertext information generating system for gener- and 

ating ciphertext from plaintext, said ciphertext information (b) for any two randomly-selected selected input 

generating system comprising: 45 values, it is unhkely that the corresponding ini- 

A. an initialization vector generator configured to receive tialization vectors will have the same value; and 
a selected input value and generate an initialization B. a decryption module configured to generate the plain- 
vector therefrom using a selected initiaHzation vector text from the ciphertext and the initialization vector 
generation methodology, using a selected decryption methodology and dccryp- 

(i) the selected input value being different for each 50 tion key. 

plaintext and being associated with a selected char- 12. A plaintext infonnation generating system as defined 

acteristic of said plaintext, in claim 11 in which the selected initialization vector gen- 

(ii) the selected initialization vector generation meth- eration methodology is a hashing methodology, 
odology being selected so that 13. A plaintext infonnation generating system as defined 

(a) a small change of the selected input value will 55 in claim 12 in which the selected initialization vector 
result in a large change in the initialization vector; generation methodology is an MD5 hashing methodology, 
aii^ 14. A plaintext information generating system as defined 

(b) for any two randomly-selected selected input in claim 11 in which the selected characteristic is a cipher- 
values, it is unlikely that the corresponding ini- text sequence number 

tialization vectors will have the same value; and 60 15. A plaintext information generating system as defined 

B. an encryption module configured to generate the in claim 11 in which the selected characteristic is a time 
ciphertext from the plaintext and the initialization vec- stamp. 

tor using a selected encryption methodology and 16. A plaintext information generating system as defined 

encryption key. in claim 11 further including a ciphertext information utUi- 

2. A ciphertext information generating system as defined 65 zation module configured to utilize the ciphertext. 

in claim 1 in which the selected initialization vector gen- 17. A plaintext information generating system as defined 

eration methodology is a hashing methodology. in claim 16 in which the ciphertext information utilization 
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module comprises a message packet receiving module con- in performing the verification operation, enable the initial- 
figured to receive a message packet including the ciphertext ization vector generating module to generate a plurality of 
for transfer over a network and provide the ciphertext m the initialization vectors each from a respective one of a plu- 
message packet to the decryption module. rality of input values, the decryption module generating a 

18. A plaintext information generating system as defined 5 trial plaintext from each of said initialization vectors and 
in claim 17 in which the message packet is fiirther associated providing all of these trial plaintexts with their respective 
with the selected input value, the message packet receiving sensibilities. 

module being further configured to provide the associated 30. A ciphertext information generating method for gen- 
selected input value to the initialization vector generator. erating ciphertext from plaintext, said ciphertext information 

19. A plaintext information generating system as defined generating method comprising: 

in claim 16 in which the ciphertext information utilization A. an initialization vector generating step in which an 

module comprises an information store and a ciphertext initializafion vector is generated fi-om a selected input 

retrieval module for retrieving the ciphertext from the infor- value using a selected initialization vector generation 

mation store for provision to the decryption module. methodology, 

20. A plaintext information generating system as defined (i) the selected input value being different for each 
in claim 19 in which the initializaaon vector generator is plaintext and being associated with a selected char- 
configured to use a storage address in the information store acteristic of said plaintext, 

as the input number. (ii) the selected initialization vector generation meth- 

21. A plaintext information generating system as defined odology being selected so that 

in claim 11 in which the decryption module is further (a) a small change of the selected input value will 

configured to perform a verification operation to verify 20 result in a large change in the initialization vector; 

sensibility of the plaintext. and 

22. A plaintext information generating system as defined (b) for any two randomly-selected selected input 
in claim 21 in which the decryption module is configured to values, it is unlikely that the corresponding ini- 
perform the verification operation by generating from at tialization vectors will have the same value; and 
least a portion of the plaintext a check value and comparing 25 B. an encryption step in which the ciphertext is generated 
the check value to a corresponding value associated with the from the plaintext and the initialization vector using a 
message packet. selected encryption methodology and encryption key. 

23. A plaintext information generating system as defined 31. A ciphertext information generating method as defined 
in claim 22 in which the check value is selected from at least ^^^^ 30 in which the selected initialization vector 
one of a checksum value and a signature value. 30 generation methodology is a hashing methodology. 

24. A plaintext information generating system as defined ^2. Aciphertext information generating method as defined 
in claim 21 in which the decryption module is configured to ^^^^ Y^'""^ selected initialization vector 
perform the verification operation in connection with a g"ion methodology is an MD5 hashing methodology^ 
verification methodology selected based on plaintext struc . 33. Aciphertext infonnation generatmg m^^ as defined 
j^^^ in claim 30 in which the selected charactcnstic is a cipncr- 

ie A 1 • . . - c . J £ J ^ ^^^^ sequence mimber. 

25. Aphintext mfonnauon generating s)^tera as defined 34.Aciphertextinfoimationgeneratinginethod as defined 
m claim 24 in which the plamtext is m ASCII text form, the ^1^;^ 39 ^y^j^ (he selected characteristic is a time 
decryption module being configured to perform the verifi- stamp. 

cation operation to verify that the plaintext is in ASCII text 35. Aciphertext information generating method as defined 

in claim 30 further including a ciphertext information utih- 

26. A plaintext information generating system as defined zation step in which the ciphertext is utilized. 

in claim 21 in which the decryption module is configured to 36. Aciphertext information generating method as defined 

perform the verification operation in connection with a in claim 35 in which the ciphertext information utilization 

verification methodology selected based on application- step includes the step of generating a message packet 

specific analysis of the plaintext. 45 including the ciphertext for transfer over a network. 

27. A plaintext information generating system as defined 37. Aciphertext information generating method as defined 
in claim 21 in which the decryption module is configured to, in claim 36 in which the message packet generating step 
in performing the verification operation, enable the initial- includes the step of associating the selected input value with 
ization vector generating module to generate a plurality of the message packet, 

initialization vectors each from a respective one of a plu- 50 38. Aciphertext information generating method as defined 

rality of input values, the decryption module generating a in claim 35 in which the ciphertext information utilization 

trial plaintext from each of said initialization vectors and step includes the step of storing the ciphertext in an infor- 

identifying therefrom a verified plaintext based on the mation store. 

sensibility of the trial plaintexts. 39. Aciphertext information generating method as defined 

28. A plaintext information generating system as defined 55 in claim 38 in which the initialization vector generation step 
in claim 21 in which the decryption module is configured to, includes the step of using a storage address in the informa- 
in performing the verification operation, in a series of tion store as the input number. 

iterations, enable the initialization vector generating module 40. A plaintext information generating method for gener- 

to generate an initialization vector, in each iteration using an ating plaintext from ciphertext, said plaintext information 

associated input value, the decryption module generating a 60 generating method comprising: 

trial plaintext using each initialization vector and determin- A. an initialization vector generating step in which an 

ing therefrom the sensibiUty of the trial plaintext generated initialization vector is generated from a selected input 

for the iteration, the series of iterations to continue until a value using a selected initialization vector generation 

trial plaintext is determined to be sensible, the sensible trial methodology, 

plaintext comprising a verified plaintext. 65 (i) the selected input value being different for each 

29. A plaintext information generating system as defined plaintext and being associated with a selected char- 
in claim 21 in which the decryption module is configured to, acteristic of said ciphertext, 
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(ii) the selected initiali2ation vector generation meth- 
odology being selected so that 

(a) a small change of the selected input value will 
result in a large change in the initialization vector; 
and 5 

(b) for any two randomly-selected selected input 
values, it is unlikely that the corresponding ini- 
tialization vectors will have the same value; and 

B. a decryption step in which the plaintext is generated 
from the ciphertext and the initialization vector using a 
selected decryption methodology and decryption key. 

41. A plaintext information generating method as defined 
in claim 40 in which the selected initialization vector 
generation methodology is a hashing methodology. 

42. A plaintext information generating method as defined 
in claim 41 in which the selected initialization vector 
generation methodology is an MD5 hashing methodology. 

43. A plaintext information generating method as defined 
in claim 40 in which the selected characteristic is a cipher- 
text sequence number. 

44. A plaintext information generating method as defined 20 
in claim 40 in which the selected characteristic is a time 
stamp. 

45. A plaintext information generating method as defined 
in claim 40 further including a plaintext information utili- 
zation step for utilizing the plaintext. 25 

46. A plaintext information generating method as defined 
in claim 45 in which the ciphertext information utilization 
step includes the step of receiving a message packet includ- 
ing the ciphertext. 

47. A plaintext information generating method as defined 30 
in claim 46 in which the message packet generating step 
includes the step of using a selected input value associated 
with the message packet in the initialization vector gener- 
ating step. 

48. A plaintext information generating method as defined 35 
in claim 45 in which the ciphertext information utilization 
step includes the step of retrieving the ciphertext from an 
information store for use in the decryption step. 

49. A plaintext information generating method as defined 

in claim 48 in which the initialization vector generation step 40 
includes the step of using a storage address in the informa- 
tion store as the input number. 

50. A plaintext information generating method as defined 
in claim 40 in which the decryption step includes the step of 
performing a verification operation to verify sensibility of 45 
the plaintext, 

51. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of 
performing the verification operation by generating from at 
least a portion of the plaintext a check value and comparing so 
the check value to a corresponding value associated with the 
message packet. 

52. A plaintext information generating method as defined 
in claim 51 in which the check value is selected from at least 
one of a checksum value and a signature value. 55 

53. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of 
performing the verification operation in connection with a 
verification methodology selected based on plaintext struc- 
ture. 60 

54. A plaintext information generating method as defined 
in claim 53 in which the plaintext is in ASCII text form, the 
decryption step including the step of performing the verifi- 
cation operation to verify that the plaintext is in ASCII text 
form. 65 

55. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of 



performing the verification operation in connection with a 
verification methodology selected based on application- 
specific analysis of the plaintext, 

56. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of, 
in performing the verification operation, enabling the ini- 
tialization vector generating step to be performed to generate 
a plurality of initialization vectors each from a respective 
one of a plurality of input values, in the decryption step a 
trial plaintext being generated from each of said initializa- 
tion vectors, and a verified plaintext being identified there- 
from based on the sensibility of the trial plaintexts, 

57. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of, 
in performing the verification operation, in a series of 
iterations, enabling the initialization vector generating step 
to be performed to generate an initialization vector, in each 
iteration using an associated input value, the decryption step 
including the step of generating a trial plaintext using each 
initialization vector and determining therefrom the sensibil- 
ity of the trial plaintext generated for the iteration, the series 
of iterations to continue until a trial plaintext is determined 
to be sensible, the sensible trial plaintext comprising a 
verified plaintext. 

58. A plaintext information generating method as defined 
in claim 50 in which the decryption step includes the step of, 
in performing the verification operation, enabling the ini- 
tialization vector generating step to generate a plurality of 
initialization vectors each from a respective one of a plu- 
rality of input values, the decryption step including the step 
of generating a trial plaintext from each of said initialization 
vectors and providing all of these trial plaintexts with their 
respective sensibilities. 

59. A ciphertext information generation computer pro- 
gram product configured to enable a computer to generate 
ciphertext from plaintext, said ciphertext information gen- 
eration computer program product comprising a computer- 
readable medium having encoded thereon: 

A. an initialization vector generator module configured to 
enable the computer to receive a selected input value 
and generate an initialization vector therefrom using a 
selected initialization vector generation methodology, 

(i) the selected input value being different for each 
plaintext and being associated with a selected char- 
acteristic of said plaintext, 

(ii) the selected initialization vector generation meth- 
odology being selected so that 

(a) a small change of the selected input value will 
result in a large change in the initialization vector; 
and 

(b) for any two randomly-selected selected input 
values, it is unlikely that the corresponding ini- 
tialization vectors will have the same value; and 

B. an encryption module configured enable the computer 
to generate the ciphertext from the plaintext and the 
initialization vector using a selected encryption meth- 
odology and encryption key. 

60. A ciphertext information generation computer pro- 
gram product as defined in claim 59 in which the selected 
initialization vector generation methodology is a hashing 
methodology. 

61. A ciphertext inforaiation generation computer pro- 
gram product as defined in claim 60 in which the selected 
initialization vector generation methodology is an MD5 
hashing methodology. 

62. A ciphertext information generation computer pro- 
gram product as defined in claim 59 in which the selected 
characteristic is a ciphertext sequence number. 
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63. A ciphertext information generation computer pro- 
gram product as defined in claim 59 in which the selected 
characteristic is a time stamp. 

64. A ciphertext information generation computer pro- 
gram product as defined in claim 59 further including a 
ciphertext information utilization module configured to 
enable the computer to utilize the ciphertext. 

65. A ciphertext information generation computer pro- 
gram product as defined in claim 64 in which the ciphertext 
information utilization module comprises a message packet 
transfer module configured to enable the computer to gen- 
erate a message packet including the ciphertext for transfer 
over a network. 

66. A ciphertext information generation computer pro- 
gram product as defined in claim 65 in which the message 
packet transfer module is further configured to enable the 
computer associate the selected input value with the mes- 
sage packet. 

67. A ciphertext information generation computer pro- 
gram product as defined in claim 64 in which the ciphertext 
information utilization module configured to enable the 
computer to store the ciphertext on an information store. 

68. A ciphertext information generation computer pro- 
gram product as defined in claim 67 in which the initializa- 
tion vector generator is configured to enable the computer to 
use a storage address in the information store as the input 
number. 

69. A plaintext information generation computer program 
product for generating plaintext from ciphertext, said plain- 
text information generation computer program product com- 
prising: 

A. an initialization vector generator module configured to 
enable the computer to receive a selected input value 
and generate an initialization vector therefrom using a 
selected initialization vector generation methodology, 

(i) the selected input value being different for each 
plaintext and being associated with a selected char- 
acteristic of said ciphertext, 

(ii) the selected initialization vector generation meth- 
odology being selected so that 

(a) a small change of the selected input value will 
result in a large change in the initialization vector; 
and 

(b) for any two randomly -selected selected input 
values, it is unlikely that the corresponding ini- 
tialization vectors will have the same value; and 

B. a decryption module configured to enable the computer 
to generate the plaintext from the ciphertext and the 
initialization vector using a selected decryption meth- 
odology and decryption key. 

70. A plaintext information generation computer program 
product as defined in claim 69 in which the selected initial- 
ization vector generation methodology is a hashing meth- 
odology. 

71. A plaintext information generation computer program 
product as defined in claim 70 in which the selected initial- 
ization vector generation methodology is an MD5 hashing 
methodology. 

72. A plaintext information generation computer program 
product as defined in claim 69 in which the selected char- 
acteristic is a ciphertext sequence number. 

73. A plaintext information generation computer program 
product as defined in claim 69 in which the selected char- 
acteristic is a time stamp. 

74. A plaintext information generation computer program 
product as defined in claim 69 further including a plaintext 
information utilization module for enabling the computer to 
utilize the plaintext. 
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75. A plaintext information generation computer program 
product as defined in claim 74 in which the ciphertext 
information utilization module comprises a message packet 
receiving module configured to enable the computer to 

5 receive a message packet including the ciphertext for trans- 
fer over a network and provide the ciphertext in the message 
packet to the decryption module. 

76. Aplaintext information generation computer program 
product as defined in claim 75 in which the message packet 
is further associated with the selected input value, the 
message packet receiving module being further configured 
to enable the computer to provide the associated selected 
input value to the initialization vector generator 

77. Aplaintext information generation computer program 
product as defined in claim 74 in which the ciphertext 
information utilization module is configured to enable the 
computer to retrieve the ciphertext information store from an 
information store and provide the retrieved ciphertext for 

20 processing under control of the decryption module. 

78. Aplaintext information generation computer program 
product as defined in claim 77 in which the initialization 
vector generator module is configured to enable the com- 
puter to use a storage address in the information store as the 

25 input number. 

79. Aplaintext information generation computer program 
product as defined in claim 69 in which the decryption 
module is further configured to enable the computer to 
perform a verification operation to verify sensibility of the 

30 plaintext. 

80. Aplaintext information generation computer program 
product as defined in claim 79 in which the decryption 
module is configured to enable the computer to perform the 
verification operation by generating from at least a portion 

35 of the plaintext a check value and comparing the check value 
to a corresponding value associated with the message 
packet. 

81. Aplaintext information generation computer program 
product as defined in claim 80 in which the check value is 

40 selected from at least one of a checksum value and a 
signature value. 

82. Aplaintext information generation computer program 
product as defined in claim 79 in which the decryption 
module is configured to enable the computer to perform the 

45 verification operation in connection with a verification meth- 
odology selected based on plaintext structure. 

83. Aplaintext information generation computer program 
product as defined in claim 82 in which the plaintext is in 
ASCII text form, the decryption module being configured to 

50 enable the computer to perform the verification operation to 
verify that the plaintext is in ASCII text form. 

84. Aplaintext information generation computer program 
product as defined in claim 79 in which the decryption 
module is configured to enable the computer to perform the 

55 verification operation in connection with a verification meth- 
odology selected based on application-specific analysis of 
the plaintext. 

85. Aplaintext information generation computer program 
product as defined in claim 79 in which the decryption 

60 module is configured to enable the computer to, in perform- 
ing the verification operation, execute the initialization vec- 
tor generating module to generate a plurality of initialization 
vectors each from a respective one of a plurality of input 
values, the decryption module enabling the computer to 

65 generate a trial plaintext from each of said initialization 
vectors and identify therefrom a verified plaintext based on 
the sensibility of the trial plaintexts. 
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86. A plaintext information generation computer program 
product as defined in claim 79 in which the decryption 
module is configured to enable the computer to, in perform- 
ing the verification operation, in a series of iterations, enable 
the initialization vector generating module to generate an 
initialization vector, in each iteration using an associated 
input value, the decryption module enabling the computer to 
generate a trial plaintext using each initialization vector and 
determine therefrom the sensibility of the trial plaintext 
generated for the iteration, the series of iterations to continue 
until a trial plaintext is determined to be sensible, the 
sensible trial plaintext comprising a verified plaintext. 
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87. A plaintext information generation computer program 
product as defined in claim 79 in which the decryption 
module is configured to enable the computer to, in perform- 
ing the verification operation, process the initialization vec- 
tor generating module to generate a plurality of initialization 
vectors each from a respective one of a plurality of input 
values, the decryption module enabling the computer to 
generate a trial plaintext from each of said initialization 
vectors and providing all of these trial plaintexts with their 
respective sensibilities. 
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